Senior Security Operations Automation Engineer

Toronto or Remote (Canada)

Applications have closed

Wealthsimple

Wealthsimple is the simple way to grow your money like the world's most sophisticated investors. No-maintenance portfolios, expert investment advisers and low fees.

Wealthsimple is on a mission to help everyone achieve financial freedom, no matter who they are or how much they have. Using smart technology, Wealthsimple takes financial services that are often confusing, opaque and expensive and makes them simple, transparent, and low-cost. We're the company behind some of Canada's leading digital financial products, and are growing faster than ever.
Our team is reimagining what it means to manage your money. Smart, high-performing team members will challenge you to learn and grow every day. We value great work and great ideas — not ego. We're looking for talented people who love a fast-paced environment, and want to ship often and make an impact with groundbreaking ideas.
We’re a remote-first team and output is more important than face time, so where you choose to work is up to you — as long as you have internet access, you can work from anywhere in Canada. Be a part of our Canadian success story and help shape the financial future of millions — join us! Read our Culture Manual and learn more about how we work.
At Wealthsimple, we are building products for a diverse world and we need a diverse team to do that successfully. We strongly encourage applications from everyone regardless of race, religion, colour, national origin, gender, sexual orientation, age, marital status, or disability status. Wealthsimple provides an accessible candidate experience. If you need any accommodations or adjustments throughout the interview process and beyond, please let us know.
Security @ Wealthsimple

Wealthsimple’s Security team protects the systems that help hundreds of thousands of users manage billions of dollars in assets. We use a microservice architecture and an agile approach, focused on short iterations and rigorous automated testing, deploying our code over 100 times a day.

In this role, you will have the opportunity to:

  • Play a lead role in improving overall security practitioner efficiency through process automation
  • Design, engineer, and maintain security monitoring and response solutions that perform at-scale
  • Work with a team of analysts and security practitioners to find new ways to accelerate our operations practice
  • Enhance our detection, investigation, and response playbooks using automation and orchestration tools
  • Build the big board - a consolidated and centralized view of our security controls across Application, Cloud, Network, and Endpoint security domains
  • Help develop our investigation methodology to empower the operations team to quickly and easily respond to common incidents
  • Proactively identify bad actors as they attempt to engage with our systems and use this information to drive improved process and controls
  • Partner with our Security Engineering team to extend the visibility and functionality of our SIEM and SOAR platforms
  • Partner with our Fraud Operations team to consult on potential fraudulent activity
  • Participate in an on-call rotation for responding to security incidents

We’re looking for someone who:

  • Brings 5+ years of experience in the security domain, with a relevant security operations background
  • Is comfortable creating automation through SOAR and SIEM platforms (We are a Cortex XSOAR and Splunk shop)
  • Has a strong background in scripting (especially in Python, but others are great too!)
  • Has a solid understanding of security tools and technologies and understands what logs and integrations would be relevant to support security investigations (XSOAR, EDR, CASB, DLP, threat intelligence, WAF, etc.)
  • Believes that honesty, transparency, and inclusivity are important when communicating and working with both internal and external stakeholders
  • Is a strong communicator who can work cross-functionally to solve security problems
  • Demonstrates good judgement under pressure, both in technical problem solving and in collaborating cross-functionally
  • Is eager to learn from your team and others. We value making one another successful!

Nice to haves:

  • Experience monitoring corporate endpoints and networks in a zero-trust environment
  • Knows the MITRE ATT&CK framework
  • Experience working in the fintech industry
  • Understands GraphQL and RESTful API models
  • Security certifications including GCIH, GCFA, or GCTI are an asset

Tags: Agile APIs Automation Cloud EDR Endpoint security FinTech GCFA GCIH MITRE ATT&CK Monitoring Python Scripting SIEM SOAR Splunk Threat intelligence

Perks/benefits: Career development

Regions: Remote/Anywhere North America
Country: Canada
